Metasploit and Nessus

Metasploit gives penetration testers flexibility because some of the most important supporting tools, such as Nessus and Nmap, can be driven from inside the framework. You can initiate Nessus scans directly from the Metasploit console, import existing scans and, in effect, operate Nessus without leaving the framework.

The main advantage is that the information is centralized: Nessus and Nmap results are stored in the Metasploit database in an organized manner. It is therefore possible to launch a Nessus scan via Metasploit, identify a vulnerability and then run the appropriate exploit without leaving the framework, which saves pentesting time.

The first step is to start the PostgreSQL database, connect it to Metasploit and verify that the connection is up:

[Screenshot: Starting the Database and Verification of Connectivity]

If the database has not been created yet, you can initialize it with the following command:

[Screenshot: Building the Metasploit Database]

Then you can load the Nessus plugin:

[Screenshot: Load Nessus Inside Metasploit]

Before you can operate Nessus via Metasploit you need to authenticate to the Nessus server with your existing credentials:

[Screenshot: Nessus Authentication via Metasploit]

Metasploit requires the policy UUID before it can create a new Nessus scan, and the scan ID in order to launch it:

[Screenshot: Launching a Nessus Scan]

When the scan is finished the list of vulnerabilities that Nessus has discovered can be generated:

[Screenshot: Listing Nessus Vulnerabilities]

Metasploit can also break the findings down by host and severity:

[Screenshot: List of Findings by Host]

Existing Nessus scans can also be imported into the Metasploit database.

[Screenshot: Importing an Existing Nessus Scan into the Metasploit Database]
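The steps above (verify the database, load the plugin, authenticate, pick a policy UUID, create and launch the scan, then list and import the results) map onto a small set of msfconsole commands. The script below is an added example, not code from the original post or from the Metasploit project: it generates Metasploit resource (.rc) files for each stage so the sequence can be replayed with `msfconsole -q -r <file>`. The command names are those of the Metasploit nessus plugin; the argument order, the trailing `ok` token that accepts the Nessus server's SSL certificate, and the host, credential, policy UUID and scan ID values are assumptions and placeholders, so confirm them against `nessus_help` in your own console before use.

```shell
#!/bin/sh
# Added example (not from the original post): build Metasploit resource files
# for the Nessus-through-Metasploit workflow. Command names follow the
# Metasploit nessus plugin; argument order and the "ok" SSL-accept token are
# assumed from the plugin's help text and vary between plugin versions.

# Stage 1: check the database link, load the plugin, authenticate and list the
# policies so the operator can choose a policy UUID.
#   $1 Nessus user  $2 password  $3 Nessus host  $4 Nessus port
gen_connect_rc() {
    cat <<EOF
db_status
load nessus
nessus_connect $1:$2@$3:$4 ok
nessus_policy_list
EOF
}

# Stage 2: create a scan from the chosen policy UUID and launch it.
#   $1-$4 as above  $5 policy UUID  $6 scan name (no spaces)
#   $7 comma-separated target list
# The scan name is reused as the description; nessus_scan_list then shows the
# numeric scan ID needed for stage 3.
gen_scan_rc() {
    cat <<EOF
load nessus
nessus_connect $1:$2@$3:$4 ok
nessus_scan_new $5 $6 $6 $7
nessus_scan_list
EOF
}

# Stage 3: once the scan has finished, list the vulnerabilities, break them
# down per host, and import the scan into the Metasploit database so that
# `hosts` and `vulns` show it next to any Nmap results.
#   $1-$4 as above  $5 scan ID (from nessus_scan_list)
gen_report_rc() {
    cat <<EOF
load nessus
nessus_connect $1:$2@$3:$4 ok
nessus_report_vulns $5
nessus_report_hosts $5
nessus_db_import $5
hosts
vulns
nessus_logout
EOF
}

# Write one stage to disk. The file embeds the Nessus credentials, so it is
# created with mode 0600 (umask 077 in a subshell) and must not be shared.
#   $1 output path  $2 generator function  remaining args -> generator
write_rc() {
    out=$1
    gen=$2
    shift 2
    ( umask 077; "$gen" "$@" > "$out" )
    printf '%s\n' "$out"
}

# Usage (placeholder values; keep the password out of shell history by
# exporting NESSUS_PASS from a protected file rather than typing it):
#   write_rc nessus-connect.rc gen_connect_rc analyst "$NESSUS_PASS" 192.0.2.10 8834
#   msfconsole -q -r nessus-connect.rc
#   write_rc nessus-scan.rc gen_scan_rc analyst "$NESSUS_PASS" 192.0.2.10 8834 \
#       <POLICY-UUID> lab_scan 192.0.2.20,192.0.2.21
#   write_rc nessus-report.rc gen_report_rc analyst "$NESSUS_PASS" 192.0.2.10 8834 <SCAN-ID>
```

If a scan was run outside Metasploit and exported as a `.nessus` file, `db_import <file>` at the msfconsole prompt imports it into the same database; `nessus_db_import` is for scans still held on the Nessus server. Delete the generated `.rc` files once the engagement is over, since they carry the Nessus login.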

Running Nessus or Nmap via Metasploit in a large pentest helps the penetration tester manage their results effectively and save project time, and therefore to deliver a higher-quality assessment.